Running an insecure registry --insecure-registry

Expected behavior

On Ubuntu, the very first thing to do is add our private registry to allow loading of images from a (vpn-ed) untrusted registry

Actual behavior

On Ubuntu, I would be able to edit /etc/default/docker and change the OPTS or while creating a docker-machine add the insecure registry to the OPTS as well

Information

OS X: version 10.11.3 (build: 15D21)
Docker.app: version v1.10.3-beta5
Running diagnostic tests:
[OK] docker-cli
[OK] Moby booted
[OK] driver.amd64-linux
[OK] vmnetd
[OK] lofs
[OK] osxfs
[OK] db
[OK] slirp
[OK] menubar
[OK] environment
[OK] Docker
[OK] VT-x
Docker logs are being collected into /tmp/20160331-211925.tar.gz.
Your unique id in bugsnag is: A60C8759-3C6D-4EFB-8873-5D0DCAEF9C71

Also a problem we ran into while hosting an artifactory registry.

docker login xxxxx

Username (nskitch):
Password:
Error response from daemon: invalid registry endpoint xxxxx: unable to ping registry endpoint https://xxxx./v0/
v2 ping attempt failed with error: Get xxxx/v2/: x509: certificate signed by unknown authority
v1 ping attempt failed with error: Get xxxxx: certificate signed by unknown authority. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry xxxx to the daemon’s arguments. In the case of HTTPS, if you have access to the registry’s CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/xxxx.com/ca.crt

then when trying to include flag:

docker --insecure-registry xxxxx.com login xxxxx.com
flag provided but not defined: --insecure-registry

If I understand correctly, you should be able to configure insecure-registry using pinata set daemon.

$ pinata set daemon @daemon.json
daemon.json -> {"storage-driver":"aufs","debug":true,"insecure-registry":"my.insecure.registry:5000"}
$ pinata get daemon
{"storage-driver":"aufs","debug":true,"insecure-registry":"my.insecure.registry:5000"}

I wasn’t able to figure out running the command without a json file, nor was I able now to find the docs that describe pinata.

This is also something I’ve just encountered… An answer on how to configure docker on OSX would be great, thanks!

As far as I know “insecure-registry” is not one of the daemon.json options, so you cannot set it in the config file, and neither can you specify it in the command line.

The recommended way of installing a registry is with a certificate from a CA as per https://docs.docker.com/registry/deploying/

We are aware that it is not currently possible to use http or https with self-signed keys for registries but recommend you obtain a certificate in the meantime.

ya you’re correct, https://docs.docker.com/engine/reference/commandline/daemon/#daemon-configuration-file has a list of variables available to the .json config file. Anything else is ignored.

I was able to modify /etc/init.d/docker (by opening a console to the Linux machine: screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty) on line 39:

DOCKER_OPTS="${DOCKER_OPTS} -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --insecure-registry some.domain.here"

and it will work after restarting the daemon (/etc/init.d/docker restart)

However, whenever Docker 4 Mac restarts (ex: restarting computer), this change is reverted. I suspect it’s because the image is reloaded. Is there any way to modify the change in a more permanent way? (besides trying to modify the com.docker.driver.amd64-linux container, since any updates from you guys would wipe the change too)
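
An added example, not part of the thread or of Docker's own tooling: a Python audit of a DOCKER_OPTS string like the one posted above. It flags `-H tcp://` listeners bound beyond loopback without `--tlsverify`, and checks whether each `--insecure-registry` host already has a CA at /etc/docker/certs.d/<host>/ca.crt, the path named in the daemon error earlier in the thread. The function names and severity labels are assumptions of this example.

```python
import shlex
from pathlib import Path
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Option string as posted above, minus the ${DOCKER_OPTS} prefix.
SAMPLE_OPTS = ("-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock "
               "--insecure-registry some.domain.here")

def parse_opts(opts):
    """Collect -H/--host and --insecure-registry values; note --tlsverify."""
    args, hosts, registries, i = shlex.split(opts), [], [], 0
    while i < len(args):
        name, sep, value = args[i].partition("=")
        if not sep and name in ("-H", "--host", "--insecure-registry"):
            i += 1                      # "--flag value" form: value is next
            value = args[i] if i < len(args) else ""
        if name in ("-H", "--host"):
            hosts.append(value)
        elif name == "--insecure-registry":
            registries.append(value)
        i += 1
    tls = any(a in ("--tlsverify", "--tlsverify=true") for a in args)
    return hosts, registries, tls

def audit_docker_opts(opts, certs_root="/etc/docker/certs.d"):
    """Return (severity, message) findings; severities are this example's own."""
    hosts, registries, tlsverify = parse_opts(opts)
    findings = []
    for host in hosts:
        url = urlsplit(host)
        if url.scheme == "tcp" and not tlsverify and url.hostname not in LOOPBACK:
            findings.append(("HIGH", f"{host}: API reachable over the network "
                             "without TLS client authentication"))
    for reg in registries:
        ca = Path(certs_root) / reg / "ca.crt"
        if ca.is_file():
            findings.append(("INFO", f"{reg}: CA found at {ca}; "
                             "try removing --insecure-registry"))
        else:
            findings.append(("MEDIUM", f"{reg}: certificate checks disabled; "
                             f"install the registry CA at {ca}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_docker_opts(SAMPLE_OPTS):
        print(f"[{severity}] {message}")
```

The directory under certs.d must match the registry name exactly as passed to docker, including any `:port` suffix.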

To follow up, Docker for Mac can now use self-signed certs that are added to the macOS keychain: https://docs.docker.com/docker-for-mac/faqs/#/how-do-i-add-custom-ca-certificates